Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
puppet puppet vulnerabilities and exploits
(subscribe to this query)
5.8
CVSSv2
CVE-2016-5715
Open redirect vulnerability in the Console in Puppet Enterprise 2015.x and 2016.x prior to 2016.4.0 allows remote malicious users to redirect users to arbitrary web sites and conduct phishing attacks via a // (slash slash) followed by a domain in the redirect parameter. NOTE: thi...
Puppet Puppet Enterprise
5.8
CVSSv2
CVE-2015-6501
Open redirect vulnerability in the Console in Puppet Enterprise prior to 2015.2.1 allows remote malicious users to redirect users to arbitrary web sites and conduct phishing attacks via the string parameter.
Puppet Puppet Enterprise
5.8
CVSSv2
CVE-2013-4955
Open redirect vulnerability in the login page in Puppet Enterprise prior to 3.0.1 allows remote malicious users to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the service parameter.
Puppet Puppet Enterprise
Puppet Puppet Enterprise 2.8.3
Puppet Puppet Enterprise 2.8.2
Puppet Puppet Enterprise 2.8.1
Puppet Puppet Enterprise 2.8.0
Puppet Puppet Enterprise 2.5.1
Puppet Puppet Enterprise 2.5.2
5.8
CVSSv2
CVE-2013-4762
Puppet Enterprise prior to 3.0.1 does not sufficiently invalidate a session when a user logs out, which might allow remote malicious users to hijack sessions by obtaining an old session ID.
Puppet Puppet Enterprise
Puppet Puppet Enterprise 2.8.3
Puppet Puppet Enterprise 2.8.2
Puppet Puppet Enterprise 2.8.1
Puppet Puppet Enterprise 2.5.2
Puppet Puppet Enterprise 2.8.0
Puppet Puppet Enterprise 2.5.1
5.8
CVSSv2
CVE-2013-4962
The reset password page in Puppet Enterprise prior to 3.0.1 does not force entry of the current password, which allows malicious users to modify user passwords by leveraging session hijacking, an unattended workstation, or other vectors.
Puppet Puppet Enterprise 2.5.1
Puppet Puppet Enterprise
Puppet Puppet Enterprise 2.8.3
Puppet Puppet Enterprise 2.8.1
Puppet Puppet Enterprise 2.5.2
Puppet Puppet Enterprise 2.8.2
Puppet Puppet Enterprise 2.8.0
5.5
CVSSv2
CVE-2021-27024
A flaw exists in Continuous Delivery for Puppet Enterprise (CD4PE) that results in a user with lower privileges being able to access a Puppet Enterprise API token. This issue is resolved in CD4PE 4.10.0
Puppet Continuous Delivery
5.5
CVSSv2
CVE-2017-2293
Versions of Puppet Enterprise before 2016.4.5 or 2017.2.1 shipped with an MCollective configuration that allowed the package plugin to install or remove arbitrary packages on all managed agents. This release adds default configuration to not allow these actions. Customers who rel...
Puppet Puppet Enterprise 2016.5.2
Puppet Puppet Enterprise 2017.1.1
Puppet Puppet Enterprise
Puppet Puppet Enterprise 2016.5.1
Puppet Puppet Enterprise 2017.1.0
5.5
CVSSv2
CVE-2011-0528
Puppet 2.6.0 up to and including 2.6.3 does not properly restrict access to node resources, which allows remote authenticated Puppet nodes to read or modify the resources of other nodes via unspecified vectors.
Puppet Puppet 2.6.3
Puppet Puppet 2.6.0
Puppet Puppet 2.6.1
Puppet Puppet 2.6.2
5
CVSSv2
CVE-2021-27023
A flaw exists in Puppet Agent and Puppet Server that may result in a leak of HTTP credentials when following HTTP redirects to a different host. This is similar to CVE-2018-1000007
Puppet Puppet Server
Puppet Puppet Agent
Puppet Puppet Enterprise
Fedoraproject Fedora 35
5
CVSSv2
CVE-2020-25613
An issue exists in Ruby up to and including 2.5.8, 2.6.x up to and including 2.6.6, and 2.7.x up to and including 2.7.1. WEBrick, a simple HTTP server bundled with Ruby, had not checked the transfer-encoding header value rigorously. An attacker may potentially exploit this issue ...
Ruby-lang Ruby
Ruby-lang Webrick
Fedoraproject Fedora 32
Fedoraproject Fedora 33
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4651
CVE-2024-34255
elevation of privilege
CVE-2024-25529
CVE-2024-4671
NULL pointer dereference
CVE-2024-25527
template injection
CVE-2008-0166
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »